I'm trying to help my friend understand this because he believes that since a site is very popular, that it's less likely to infect its viewers because of its security! Is a popular site less likely to infect its viewers?

Please answer this question as detailed as possible so I can direct him to this site.

In theory, I don't see why a porn company would care any less about its reputation than any other company. They stand to lose millions if they tarnish their image.
–
GiliJun 27 '14 at 6:35

7

What does it mean — a website infected with malware? Does it infect user computers after they visit the site? If so, this is a bug in user's browser, isn't it? By definition, browser should be able to go through every webpage and stay secure.
–
Sarge BorschJun 27 '14 at 7:59

2

Not sure if the type of site matters very much. Just an anecdote, but I've recently seen a machine where Microsoft Security Essentials caught some malware being served into a Skype ad (i.e. they don't even scan their own ads with their own products in advance).
–
BrunoJun 27 '14 at 10:39

4 Answers
4

I think it's generally popular sites, not just porn sites. However there might be some reasons why pornsites tend to attract more malware.

Mostly malware originates from dodgy advertisement platforms. Because the morality of porn is often debated and not accepted in every culture, a lot of larger advertisement websites, such as Google Ads, do not allow their advertisements to be published on a porn site. This means that porn websites need to turn to somewhat dodgier advertisement provider to get money (porn sites make money from ads). One thing that happens is spreading adware and even right-out malware through these advertisements.

The problem is that even reliable advertisers sometimes can be hacked.
For example, in the past we had such issues with one of the top five
porn paysites in the world," xHamster told the BBC. "Now our reliable
partners are checking new advertisers very strictly, so it's almost
impossible to put a new site with malware on xHamster.

The conclusion of the article is that it's not inherent to porn websites alone, but generally popular websites.

It's easy to dismiss this as a problem reserved for a reviled, fringe
industry but that is simply not the case. According to Bob Hansmann,
security research marketing manager at Websense, any site which draws
traffic is a potential target for malvertising.

"Past research by the Websense Security Labs has actually illustrated
that popular beats porn when it comes to malicious content," Hansmann
told SecurityWatch. He explained that even blocking access to
so-called risky content like porn and gambling would do little to
protect against malvertising attacks.

"Such threats are now more common on ‘business’ and ‘technology’
sites," he said. "Malware is everywhere."

It's worth noting that the ranking service Alexa lists xHamster as the
46th most popular website on the Internet, and Pornhub the 63rd. Of
course, malvertisers will tailor their ads to appeal to what they
perceive their victim's preferences to be but they would do this for
any site.

Just a few months ago, Google detected malicious ads on the New York
Times and HuffPo. The issue was malicious content being delivered
through the NetSeer advertising platform. For a while, the popular
Google Chrome browser blocked access to these sites. Hansmann pointed
to similar attacks affecting Spotify and the London Stock Exchange.

One point I'd make is people are less likely to report malware they picked up of a porn site. This may allow issues to continue longer and give additional incentive to hackers.
–
LiathJun 27 '14 at 8:01

1

@Liath - Akin to being mugged in the wrong part of town. Would you tell Mom? Hmmmmm... no!
–
CoffeeJun 30 '14 at 16:37

1

I remember seeing an article saying that there was more malware on religious sites than porn sites.
–
sweeneyrodSep 24 '14 at 17:56

It's a myth that porn sites are more risky to use than other websites when it comes to malware. This report published by Symantec in 2011 (PDF, see page 33) identified that you can get malware from pretty much any kind of website, even those which can be work-related for many professions. In fact, porn sites ranked lower than many other categories of websites.

Many infections originated from reputable websites which got compromised by hackers to spread malware. But according to this report, the most common source of malware are personal blogs.

I speculate that the reason for this is that many bloggers use popular content management systems like Wordpress but then do not take due diligence in updating it regularly. I assume that many black-hat hackers run automated bots which scan the web for outdated installations with known security vulnerabilities and automatically place malware payloads on them.

It depends upon the site; popularity does not guarantee that it is safe or secure. Various factors that can contribute to insecurity are (AND BE AWARE THAT THIS IS ONLY THE PARTIAL ANSWER):

Does it scrape or link to numerous other sites?

There are numerous free sites that collect links and display images to
porn on multiple other sites, but do not host any of it themselves.
One common theme about them is that they all redirect you to
advertisements, other porn collection sites, and continually hit you
with XXX dating site popups and video phone sex sites. In effect,
sending you down a rabbit hole looking for what you wanted, bypassing
browser protections, and offering multiple ways of collecting personal
information.

Any type of content can have something malicious embedded into it. The
more it utilizes the system, the more potentially damaging it can be.

Who created the content, when was it created, and how many times has it been redistributed before it was uploaded to where it was found?

Many of the common porn sites still link to porn from decades ago,
hosted on sites that are not even remotely owned by the people who
originally created it. And it is sad to say, but a lot of porn is not
created or hosted by the nicest of people. There is also the fact that
there has always been a very strong connection between the sex trades
and criminal organizations. With cyber crime in the top 5 of
international crime, there is always a good chance that any site could
be a drive by computer compromise waiting to happen.

Is it an upload site where multiple people can upload whatever they want?

There are sites that allow any person to upload any type of graphic
material they want. Most of them that I have personally seen are
pretty archaic or amateurish in terms of their web technologies or
their execution. So it also implies that the back end protection might
also be old, outdated. or ineptly implemented.

Exceptions like the many Pinterest clones that allow you to upload a
link, and the site will scrape that content, probably have good
protection; but it probably also wouldn't provide protection from
unique malware with custom signatures that target zero day exploits.
There are constantly new forms of virii, trojans, and worms being
produced that no anti-virus company is aware of. They only know when
someone who has detected a compromise submits a sample for analysis.

Porn on the web can be hosted on any number of blog services, web
hosting companies, cloud platforms, or private servers. Which makes
for a huge number of variables between what is displayed, and the
protections in place to protect both the content and the people who
surf that site. A lot of porn sites are even hosted on compromised
home computers and university/business servers.

The older the operating system that hosts the web server, the more
outdated the technology and the more exploits and security flaws that
are known about it. The same applies to the various web servers. Every
hacker worth their salt knows how to fingerprint a server's OS to
determine version, scan its ports to find out which ones are open and
what services are listening, as well as make an initial determination
of what exploits and payloads are likely to allow them to compromise
it.

Where is the host located, is it cached in various geographic regions for faster distribution, and who caches it?

The general location of the physical host can give you a strong hint
about how compromising a porn site is likely to be. Servers located in
Russia, China, or Eastern Europe would be very suspicious. A smart way to get around
this is to have a proxy that redistributes the content from the
primary server. This both makes the distribution of the content faster
for various geographic locations since it is cached locally, but can also
obfuscate the actual origin of the content itself and inspire a false
sense of security.

What type and version of programming went into the website - Java, Ruby, Python, HTML, JavaScript, CSS, VisualBasic, etc?

The web pages themselves are composed of numerous possible elements,
all with various versions, possible compromises, sloppy programming,
links to databases, possible security keys, etc. Part of profiling a
web site for compromise is to take apart and analyze the application
itself. Just right clicking and hitting "View page source" will tell
you a lot. Defacing and compromising a website is one of the most
common ways for hackers to compromise identities for profit,
compromise computers to create drones for a botnet, encrypt a hard
drive for extortion, or just for the fun of crashing someone's
computer.